VYPR

Go modules package

github.com/open-policy-agent/opa

pkg:golang/github.com/open-policy-agent/opa

Vulnerabilities (6)

  • CVE-2025-46569HigMay 1, 2025
    affected < 1.4.0fixed 1.4.0

    Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query

  • CVE-2024-8260Aug 30, 2024
    affected < 0.68.0fixed 0.68.0

    A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA

  • CVE-2022-36085Sep 8, 2022
    affected >= 0.40.0, < 0.43.1fixed 0.43.1

    Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if en

  • CVE-2022-33082Jun 30, 2022
    affected < 0.42.0fixed 0.42.0

    An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2022-28946May 19, 2022
    affected < 0.40.0fixed 0.40.0

    An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.

  • CVE-2022-23628Feb 9, 2022
    affected >= 0.33.1, < 0.37.2fixed 0.37.2

    OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse an